I had read the Secure Remote Password protocol paper written by Tom Wu. This protocol is resistant to dictionary attacks. I have also gone through some papers regarding VNC attacks due to weak passwords and DES encryption. Will this protocol improve the security concerns of the authentication protocol of remote desktop applications?

1 Answer

RDP is a protocol with a rather long history, and multiple layers. Recent versions can mix with SSL/TLS in two ways (which can be used concurrently):

Since RDP v5.2, the protocol can embed a TLS session (the TLS records are transported as so many messages by the RDP transport layer); the TLS session protects the connection.

Since RDP v6.0, the whole protocol can be embedded within a TLS session opened from the client to a specific gateway (called Terminal Services Gateway).

Both TLS usages can conceptually use SRP, since there is a standard for that. However, this will not happen until you get an RDP client and an RDP server that agree on using SRP with their TLS tunnels. I am not aware of any existing RDP implementation (either client or server) which currently does that. You could launch an open-source project on the subject, building on FreeRDP (for the RDP protocol) and GnuTLS (for the TLS+SRP part). This is not a five-minute task, though...

Another possibility is to establish a kind of SRP-powered VPN and tunnel the RDP protocol through that. The SSH protocol can help; it includes features for port forwarding through the SSH tunnel, and at least one SSH implementation supports SRP. This kind of tunnelling will be clunkier, but easier to assemble than patching RDP implementations (in particular if you want to use closed-source RDP clients and servers, which is usually the whole point of RDP: to use Microsoft's client and/or server).